Log analysis and evaluation: slow PC

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.10.2010, 21:41 | #1 |
slow PC

Hello, my PC has become noticeably slower over the past few weeks and no longer runs as smoothly as it did at the beginning. Maybe something can be gleaned from my HijackThis logfile. Many thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:04, on 28.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Max\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: softonic-de6 Toolbar - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: softonic-de6 Toolbar - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: softonic-de6 Toolbar - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - d:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - hxxp://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 6431 bytes
31.10.2010, 13:57 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | slow PC

Hello and

Please routinely run a full scan with Malwarebytes and post the log. Keep in mind that Malwarebytes has to be updated manually before every scan!

Then OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
31.10.2010, 18:03 | #3 |
slow PC

Thanks for the reply, I followed the instructions:

Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 5007
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

31.10.2010 17:33:24
mbam-log-2010-10-31 (17-33-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 259705
Laufzeit: 1 Stunde(n), 9 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Max\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.

and here are the results from OTL:

OTL Logfile:
Code:
OTL Extras logfile created on: 31.10.2010 17:52:10 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Max\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 75,12 Gb Free Space | 50,40% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 57,43 Gb Free Space | 41,23% Space Free | Partition Type: NTFS

Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2632993316-3478661033-708405078-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static "{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French "{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish "{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch "{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins "{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech "{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set "{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek "{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager "{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call 
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Ultra Edition HD "{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding "{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai "{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard "{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch "{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese "{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional "{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista "{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian 
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish "{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard "{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New "{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live 
Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish "AC3Filter_is1" = AC3Filter 1.63b "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold "Agere Systems Soft Modem" = Agere Systems HDA Modem "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BitComet" = BitComet 1.16 "Diablo II" = Diablo II "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 1.1.0.12 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11) "PokerStars" = PokerStars "PowerISO" = PowerISO "softonic-de6 Toolbar" = softonic-de6 Toolbar "SopCast" = SopCast 3.2.4 "StarCraft II" = StarCraft II "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "Update Service" = Update Service "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.0.5 "Voca" = Voca "vShare" = vShare Plugin "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.10.2010 10:37:24 | Computer Name = Max-PC | Source = WinMgmt | ID 
= 10 Description = Error - 18.10.2010 10:37:38 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.10.2010 10:37:39 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.10.2010 10:38:46 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.10.2010 12:40:40 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.10.2010 12:40:54 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.10.2010 12:45:54 | Computer Name = Max-PC | Source = WinMgmt | ID = 10 Description = Error - 18.10.2010 13:07:22 | Computer Name = Max-PC | Source = Application Hang | ID = 1002 Description = Programm Ad-AwareAdmin.exe, Version 8.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 37c Anfangszeit: 01cb6ee43081e457 Zeitpunkt der Beendigung: 18 Error - 18.10.2010 18:04:13 | Computer Name = Max-PC | Source = WinMgmt | ID = 10 Description = Error - 19.10.2010 14:32:35 | Computer Name = Max-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 30.10.2010 07:36:59 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 30.10.2010 09:29:29 | Computer Name = Max-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 30.10.2010 um 15:28:11 unerwartet heruntergefahren. 
Error - 30.10.2010 09:29:38 | Computer Name = Max-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
Error - 30.10.2010 09:32:01 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 31.10.2010 07:37:16 | Computer Name = Max-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
Error - 31.10.2010 07:40:15 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 31.10.2010 09:17:31 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 31.10.2010 11:04:21 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.10.2010 um 15:59:09 unerwartet heruntergefahren.
Error - 31.10.2010 11:08:15 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 31.10.2010 11:21:26 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >

OTL Logfile:

OTL logfile created on: 31.10.2010 17:52:10 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Max\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 75,12 Gb Free Space | 50,40% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 57,43 Gb Free Space | 41,23% Space Free | Partition Type: NTFS

Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Max\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Windows\System32\libusbd-nt.exe (libusb-Win32)

========== Modules
(SafeList) ========== MOD - C:\Users\Max\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (OMSI download service) -- d:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (libusb-Win32) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (GarenaPEngine) -- C:\Users\Max\AppData\Local\Temp\ZQNC2BB.tmp () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) 
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys () DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer IE - HKLM\..\URLSearchHook: {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\URLSearchHook: {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de6 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "softonic-de6 Customized Web Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {c41dc498-e2f1-4803-bb90-0b2f20482e62}:2.7.2.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: 
"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 14:11:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 14:11:48 | 000,000,000 | ---D | M] [2009.10.23 14:54:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Extensions [2010.10.31 15:58:01 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions [2010.04.28 11:59:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.17 13:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.20 11:21:23 | 000,000,000 | ---D | M] (softonic-de6 Toolbar) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62} [2009.11.25 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions\firefox@tvunetworks.com [2009.10.28 11:30:38 | 000,000,886 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\FireFox\Profiles\6qrobfpg.default\searchplugins\conduit.xml [2010.10.31 15:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2010.08.24 15:06:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.10.11 21:39:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.11 21:39:09 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\eBay-de.xml [2010.10.11 21:39:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.11 21:39:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.11 21:39:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (softonic-de6 Toolbar) - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (softonic-de6 Toolbar) - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de6 Toolbar) - {C41DC498-E2F1-4803-BB90-0B2F20482E62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - d:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.110.57.4 193.110.56.8 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{279da747-bf4b-11df-b6b6-a4a3d922f8eb}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found O33 - MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\Shell - "" = AutoRun O33 - MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not 
found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AOMsetup.exe -- File not found O33 - MountPoints2\H\Shell\directx\command - "" = H:\DirectX\dxsetup.exe -- File not found O33 - MountPoints2\H\Shell\setup\command - "" = H:\AOMsetup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.31 17:34:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2010.10.31 15:16:40 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes [2010.10.31 15:16:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.31 15:16:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.31 15:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.10.31 15:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.31 15:15:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Max\Desktop\mbam-setup-1.46.exe [2010.10.28 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Anatomie Vorlesung [2010.10.18 17:31:28 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Sunbelt Software [2010.10.18 17:30:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097} [2010.10.18 17:26:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\BitComet [2010.10.18 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\FIFA 11 [2010.10.18 14:49:38 | 001,846,632 
| ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2010.10.18 14:49:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2010.10.18 14:49:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2010.10.18 14:49:37 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2010.10.18 14:49:37 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010.10.18 14:49:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010.10.18 14:49:36 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2010.10.18 14:49:36 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2010.10.18 14:49:36 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2010.10.18 14:49:36 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2010.10.18 14:49:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2010.10.18 14:49:35 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2010.10.18 14:49:35 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2010.10.18 14:49:35 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010.10.18 14:49:35 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2010.10.18 14:49:34 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2010.10.18 14:49:34 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2010.10.18 14:49:34 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010.10.18 14:49:34 | 000,467,984 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\d3dx10_39.dll [2010.10.18 14:49:34 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010.10.18 14:49:33 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2010.10.18 14:49:33 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2010.10.18 14:49:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2010.10.18 14:49:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2010.10.18 14:49:33 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2010.10.18 14:49:33 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2010.10.18 14:49:32 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2010.10.17 13:45:53 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.17 13:45:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.17 13:44:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.10.17 13:44:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.17 13:44:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.17 13:44:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.17 13:44:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.17 13:44:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.17 13:44:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.17 13:44:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.17 
13:44:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.10.17 13:44:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.17 13:44:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.10.17 13:44:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.10.17 13:44:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.10.17 13:44:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.10.17 13:44:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.17 13:44:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.17 13:44:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.17 13:13:17 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.17 13:12:57 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.17 13:12:57 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.17 13:12:39 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.17 13:12:20 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.17 13:11:59 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.17 13:07:02 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2010.10.13 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Uni [2010.10.06 21:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software [2010.10.06 21:49:19 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Sony Ericsson [2010.10.06 21:45:27 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC66D.dll 
[2010.10.06 21:45:25 | 000,114,600 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdm.sys [2010.10.06 21:45:25 | 000,109,736 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017unic.sys [2010.10.06 21:45:25 | 000,108,328 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mgmt.sys [2010.10.06 21:45:25 | 000,104,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017obex.sys [2010.10.06 21:45:25 | 000,086,824 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017bus.sys [2010.10.06 21:45:25 | 000,026,024 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017nd5.sys [2010.10.06 21:45:25 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdfl.sys [2010.10.06 21:45:25 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017whnt.sys [2010.10.06 21:45:25 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017wh.sys [2010.10.06 21:45:25 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cmnt.sys [2010.10.06 21:45:25 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cm.sys [2010.10.06 21:45:25 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cr.sys [2010.10.06 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2010.10.04 13:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.10.04 13:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.10.04 13:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.10.04 13:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2008.06.03 07:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2010.10.31 17:34:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2010.10.31 17:33:57 | 
000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\joot.sys [2010.10.31 16:24:52 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.31 16:24:52 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.31 16:24:52 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.31 16:24:52 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.31 16:17:48 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010.10.31 16:17:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.31 16:17:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.31 16:17:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.31 16:17:15 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys [2010.10.31 15:16:33 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.31 15:16:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Max\Desktop\mbam-setup-1.46.exe [2010.10.21 12:08:20 | 210,217,580 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.10.20 23:01:05 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.10.20 22:53:59 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2010.10.20 22:53:59 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2010.10.20 19:43:01 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.10.20 11:28:19 | 000,041,984 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.20 09:42:27 | 000,370,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.18 09:37:10 | 000,000,664 | ---- | M] () -- 
C:\Users\Max\Desktop\BitComet.lnk [2010.10.10 16:10:24 | 000,024,064 | ---- | M] () -- C:\Users\Max\Documents\inet code.doc [2010.10.06 21:45:27 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpeC66D.dll [2010.10.06 21:37:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf ========== Files Created - No Company Name ========== [2010.10.31 17:33:57 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\joot.sys [2010.10.31 15:16:33 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.20 09:43:29 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2010.10.20 09:43:28 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2010.10.18 09:37:12 | 000,000,664 | ---- | C] () -- C:\Users\Max\Desktop\BitComet.lnk [2010.10.10 16:10:22 | 000,024,064 | ---- | C] () -- C:\Users\Max\Documents\inet code.doc [2010.10.06 21:37:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2010.08.30 16:34:14 | 000,000,351 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.01.10 18:30:55 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2009.11.28 02:51:57 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009.10.19 20:21:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.28 12:39:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.01.05 13:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2008.11.24 15:07:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008.11.23 19:53:07 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2008.11.23 16:07:57 | 000,041,984 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.03 17:08:20 | 000,000,400 | 
---- | C] () -- C:\Windows\ODBC.INI [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.07.02 03:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008.03.09 15:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.10.01 07:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.06.12 18:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico [2007.05.09 08:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > |
31.10.2010, 18:28 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Slow PC Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O33 - MountPoints2\{279da747-bf4b-11df-b6b6-a4a3d922f8eb}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\Shell - "" = AutoRun
O33 - MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AOMsetup.exe -- File not found
O33 - MountPoints2\H\Shell\directx\command - "" = H:\DirectX\dxsetup.exe -- File not found
O33 - MountPoints2\H\Shell\setup\command - "" = H:\AOMsetup.exe -- File not found
[2010.10.31 17:33:57 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\joot.sys
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
31.10.2010, 18:50 | #5 |
| Slow PC After the restart I got the following logfile:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{279da747-bf4b-11df-b6b6-a4a3d922f8eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{279da747-bf4b-11df-b6b6-a4a3d922f8eb}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7685a9a1-aeb6-11df-9618-f80511326fe8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7685a9a1-aeb6-11df-9618-f80511326fe8}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AOMsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\DirectX\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AOMsetup.exe not found.
File C:\Windows\System32\drivers\joot.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 7495313367 bytes
->Temporary Internet Files folder emptied: 227351164 bytes
->Java cache emptied: 1450934 bytes
->FireFox cache emptied: 98945438 bytes
->Opera cache emptied: 15060718 bytes
->Flash cache emptied: 349859 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68109100 bytes
RecycleBin emptied: 0 bytes |
31.10.2010, 19:14 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Slow PC Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ --> Slow PC |
01.11.2010, 12:30 | #7 |
| Slow PC Combofix logfile: Code:
ATTFilter ComboFix 10-10-31.04 - Max 01.11.2010 12:12:31.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2143 [GMT 1:00] ausgeführt von:: c:\users\Max\Desktop\cofi.exe SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\hpeC66D.dll c:\windows\system32\logs c:\windows\system32\logs\cpu.log . ((((((((((((((((((((((( Dateien erstellt von 2010-10-01 bis 2010-11-01 )))))))))))))))))))))))))))))) . 2010-11-01 11:19 . 2010-11-01 11:20 -------- d-----w- c:\users\Max\AppData\Local\temp 2010-11-01 11:19 . 2010-11-01 11:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-31 17:32 . 2010-10-31 17:32 -------- d-----w- C:\_OTL 2010-10-31 14:16 . 2010-10-31 14:16 -------- d-----w- c:\users\Max\AppData\Roaming\Malwarebytes 2010-10-31 14:16 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-31 14:16 . 2010-10-31 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-31 14:16 . 2010-10-31 14:16 -------- d-----w- c:\programdata\Malwarebytes 2010-10-31 14:16 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-29 15:29 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1762D8E3-2206-46CC-9928-0EC8C9C30C33}\mpengine.dll 2010-10-18 16:31 . 2010-10-18 16:31 -------- d-----w- c:\users\Max\AppData\Local\Sunbelt Software 2010-10-18 16:30 . 2010-10-18 16:30 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097} 2010-10-18 16:26 . 2010-10-18 16:27 -------- d-----w- c:\users\Max\AppData\Roaming\BitComet 2010-10-17 12:45 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2010-10-17 12:45 . 
2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-10-17 12:45 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll 2010-10-17 12:45 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys 2010-10-17 12:45 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-10-17 12:45 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll 2010-10-17 12:45 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-10-17 12:13 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll 2010-10-17 12:13 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe 2010-10-17 12:13 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll 2010-10-17 12:12 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-10-17 12:12 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-10-17 12:12 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys 2010-10-17 12:12 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2010-10-17 12:11 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-17 12:11 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll 2010-10-17 12:07 . 2010-10-17 12:07 -------- d-----w- c:\windows\CheckSur 2010-10-11 20:39 . 2010-10-24 11:24 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe 2010-10-11 20:39 . 2010-10-24 11:24 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll 2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\programdata\BVRP Software 2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\users\Max\AppData\Local\Sony Ericsson 2010-10-04 12:27 . 2010-10-04 12:27 -------- d-----w- c:\program files\iPod 2010-10-04 12:27 . 2010-10-04 12:28 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-10-04 12:20 . 2010-10-04 12:20 -------- d-----w- c:\program files\Bonjour . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-19 09:41 . 2009-10-03 09:22 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-08-17 14:11 . 2010-09-15 17:08 128000 ----a-w- c:\windows\system32\spoolsv.exe 2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c41dc498-e2f1-4803-bb90-0b2f20482e62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296] [HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c41dc498-e2f1-4803-bb90-0b2f20482e62}] 2009-10-01 16:29 2166296 ----a-w- c:\program files\softonic-de6\tbsoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{c41dc498-e2f1-4803-bb90-0b2f20482e62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296] [HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{C41DC498-E2F1-4803-BB90-0B2F20482E62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296] [HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] 
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2010-03-04 16:00 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver] 2008-09-22 07:27 47672 ----a-w- c:\windows\AsScrProlog.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector] 2008-09-22 07:27 33136 ----a-w- c:\windows\ASScrPro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ASUSTPE] 2007-10-12 04:44 106496 ----a-w- c:\windows\System32\ASUSTPE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA] 2008-06-25 02:01 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-12-13 17:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-24 00:10 421160 ----a-w- d:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-12-03 12:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu] 2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-07-27 02:37 180224 ----a-w- d:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-07 08:25 4853760 ----a-w- c:\windows\RtHDVCpl.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2009-11-20 08:17 434176 ----a-w- d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2008-01-21 19:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2632993316-3478661033-708405078-1000] "EnableNotificationsRef"=dword:00000003 R3 GarenaPEngine;GarenaPEngine;c:\users\Max\AppData\Local\Temp\ZQNC2BB.tmp [x] R3 ggflt;SEMC USB Flash Driver 
Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-12-22 13224] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736] R4 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-23 64160] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-04 1029456] S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944] S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common 
Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-10-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:00] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - softonic-de6 Customized Web Search FF - prefs.js: browser.startup.homepage - Google FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=2&q= FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62}\components\FFExternalAlert.dll FF - component: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62}\components\RadioWMPCore.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: d:\program 
files\Veetle\Player\npvlc.dll FF - plugin: d:\program files\Veetle\plugins\npVeetle.dll FF - plugin: d:\program files\Veetle\VLCBroadcast\npvbp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe MSConfigStartUp-Getdo - c:\users\Max\AppData\Roaming\Adobe\Update\flacor.dat MSConfigStartUp-isCfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe AddRemove-Age of Mythology Expansion Pack 1.0 - d:\program files\Microsoft Games\Age of Mythology2\UNINSTAL.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-11-01 12:20 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\windows\TEMP\TMP00000059161FB73ECF4C9B14 524288 bytes executable C:\ADSM_PData_0150 Scan erfolgreich abgeschlossen versteckte Dateien: 2 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\users\Max\AppData\Local\Temp\ZQNC2BB.tmp" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-11-01 12:22:23 ComboFix-quarantined-files.txt 2010-11-01 11:22 Vor Suchlauf: 8 Verzeichnis(se), 88.068.800.512 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 88.060.944.384 Bytes frei - - End Of File - - 1936937D8FEEB8103868ED13788AAEE7 |
01.11.2010, 17:48 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Slow PC
Combofix scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
ATTFilter
Dirlook::
c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
01.11.2010, 20:14 | #9 |
| Slow PC Combofix log file: Code:
ATTFilter ComboFix 10-10-31.04 - Max 01.11.2010 18:55:20.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2119 [GMT 1:00] ausgeführt von:: c:\users\Max\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\users\Max\Desktop\CFScript.txt SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-10-01 bis 2010-11-01 )))))))))))))))))))))))))))))) . 2010-11-01 18:02 . 2010-11-01 18:02 -------- d-----w- c:\users\Max\AppData\Local\temp 2010-11-01 18:02 . 2010-11-01 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-11-01 11:10 . 2010-11-01 11:22 -------- d-----w- C:\cofi 2010-10-31 17:32 . 2010-10-31 17:32 -------- d-----w- C:\_OTL 2010-10-31 14:16 . 2010-10-31 14:16 -------- d-----w- c:\users\Max\AppData\Roaming\Malwarebytes 2010-10-31 14:16 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-31 14:16 . 2010-10-31 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-31 14:16 . 2010-10-31 14:16 -------- d-----w- c:\programdata\Malwarebytes 2010-10-31 14:16 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-29 15:29 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1762D8E3-2206-46CC-9928-0EC8C9C30C33}\mpengine.dll 2010-10-18 16:31 . 2010-10-18 16:31 -------- d-----w- c:\users\Max\AppData\Local\Sunbelt Software 2010-10-18 16:30 . 2010-10-18 16:30 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097} 2010-10-18 16:26 . 2010-10-18 16:27 -------- d-----w- c:\users\Max\AppData\Roaming\BitComet 2010-10-17 12:45 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2010-10-17 12:45 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-10-17 12:45 . 
2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll 2010-10-17 12:45 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys 2010-10-17 12:45 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-10-17 12:45 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll 2010-10-17 12:45 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-10-17 12:13 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll 2010-10-17 12:13 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe 2010-10-17 12:13 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll 2010-10-17 12:12 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-10-17 12:12 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-10-17 12:12 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys 2010-10-17 12:12 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2010-10-17 12:11 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-17 12:11 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll 2010-10-17 12:07 . 2010-10-17 12:07 -------- d-----w- c:\windows\CheckSur 2010-10-11 20:39 . 2010-11-01 15:55 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe 2010-10-11 20:39 . 2010-11-01 15:55 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll 2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\programdata\BVRP Software 2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\users\Max\AppData\Local\Sony Ericsson 2010-10-04 12:27 . 2010-10-04 12:27 -------- d-----w- c:\program files\iPod 2010-10-04 12:27 . 2010-10-04 12:28 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-10-04 12:20 . 2010-10-04 12:20 -------- d-----w- c:\program files\Bonjour . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-19 09:41 . 2009-10-03 09:22 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-08-17 14:11 . 2010-09-15 17:08 128000 ----a-w- c:\windows\system32\spoolsv.exe 2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097} ---- 2010-10-18 16:30 . 2010-10-18 16:30 454 -c--a-w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.dat 2010-10-18 16:30 . 2010-10-18 16:30 8 -c--a-w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.lan 2010-10-18 16:30 . 2010-10-18 16:30 5031 -c--a-w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.par 2010-10-18 16:30 . 2010-10-18 16:30 90 -c--a-w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\instance.dat 2010-10-18 16:30 . 2010-09-23 07:46 574219 -c--a-w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\mia.lib 2010-10-18 16:30 . 2010-09-23 07:46 21611885 -c--a-w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.res (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c41dc498-e2f1-4803-bb90-0b2f20482e62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296] [HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c41dc498-e2f1-4803-bb90-0b2f20482e62}] 2009-10-01 16:29 2166296 ----a-w- c:\program files\softonic-de6\tbsoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{c41dc498-e2f1-4803-bb90-0b2f20482e62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296] [HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{C41DC498-E2F1-4803-BB90-0B2F20482E62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296] [HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start 
Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2010-03-04 16:00 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver] 2008-09-22 07:27 47672 ----a-w- c:\windows\AsScrProlog.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector] 2008-09-22 07:27 33136 ----a-w- c:\windows\ASScrPro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSTPE] 2007-10-12 04:44 106496 ----a-w- c:\windows\System32\ASUSTPE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA] 2008-06-25 02:01 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-12-13 17:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-24 00:10 421160 ----a-w- d:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-06-09 17:16 2363392 ----a-w- c:\program files\Common 
Files\LightScribe\LightScribeControlPanel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-12-03 12:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu] 2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-07-27 02:37 180224 ----a-w- d:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-07 08:25 4853760 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2009-11-20 08:17 434176 ----a-w- d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2008-01-21 19:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2632993316-3478661033-708405078-1000] "EnableNotificationsRef"=dword:00000003 R3 GarenaPEngine;GarenaPEngine;c:\users\Max\AppData\Local\Temp\ZQNC2BB.tmp [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-12-22 13224] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736] R4 OMSI download service;Sony Ericsson 
OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-23 64160] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-04 1029456] S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944] S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-10-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:00] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - softonic-de6 Customized Web Search FF - prefs.js: browser.startup.homepage - Google FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=2&q= FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62}\components\FFExternalAlert.dll FF - component: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62}\components\RadioWMPCore.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: d:\program files\Veetle\Player\npvlc.dll FF - plugin: d:\program files\Veetle\plugins\npVeetle.dll FF - plugin: d:\program files\Veetle\VLCBroadcast\npvbp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-11-01 19:02 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\users\Max\AppData\Local\Temp\ZQNC2BB.tmp" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(5752) c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . Zeit der Fertigstellung: 2010-11-01 19:05:12 ComboFix-quarantined-files.txt 2010-11-01 18:05 ComboFix2.txt 2010-11-01 11:22 Vor Suchlauf: 12 Verzeichnis(se), 91.747.033.088 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 90.582.298.624 Bytes frei - - End Of File - - BCD0C36A54567290BB79BBBF8EA96789 |
01.11.2010, 20:20 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Slow PC
OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just skip it and run only OSAM.
After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
01.11.2010, 20:26 | #11 |
| Slow PC MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: PEGATRON CORPORATION BIOS Manufacturer: American Megatrends Inc. System Manufacturer: ASUSTeK Computer Inc. System Product Name: F5SR Logical Drives Mask: 0x0000003c Kernel Drivers (total 157): 0x8200C000 \SystemRoot\system32\ntkrnlpa.exe 0x823C5000 \SystemRoot\system32\hal.dll 0x80404000 \SystemRoot\system32\kdcom.dll 0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8047B000 \SystemRoot\system32\PSHED.dll 0x8048C000 \SystemRoot\system32\BOOTVID.dll 0x80494000 \SystemRoot\system32\CLFS.SYS 0x804D5000 \SystemRoot\system32\CI.dll 0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys 0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80694000 \SystemRoot\system32\drivers\acpi.sys 0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS 0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys 0x806EB000 \SystemRoot\system32\drivers\pci.sys 0x80712000 \SystemRoot\System32\drivers\partmgr.sys 0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8072E000 \SystemRoot\system32\drivers\volmgr.sys 0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys 0x80787000 \SystemRoot\system32\drivers\pciide.sys 0x8078E000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8079C000 \SystemRoot\System32\drivers\mountmgr.sys 0x807AC000 \SystemRoot\system32\drivers\atapi.sys 0x807B4000 \SystemRoot\system32\drivers\ataport.SYS 0x805B5000 \SystemRoot\system32\drivers\fltmgr.sys 0x807D2000 \SystemRoot\system32\drivers\fileinfo.sys 0x807E2000 \SystemRoot\System32\Drivers\AsDsm.sys 0x807EC000 \SystemRoot\system32\DRIVERS\Lbd.sys 0x80600000 \SystemRoot\system32\DRIVERS\lullaby.sys 0x82608000 \SystemRoot\System32\Drivers\ksecdd.sys 0x82679000 \SystemRoot\system32\drivers\ndis.sys 0x82784000 \SystemRoot\system32\drivers\msrpc.sys 0x827AF000 
\SystemRoot\system32\drivers\NETIO.SYS 0x8A20E000 \SystemRoot\System32\drivers\tcpip.sys 0x8A2F8000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8A40A000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8A51A000 \SystemRoot\system32\drivers\wd.sys 0x8A522000 \SystemRoot\system32\drivers\volsnap.sys 0x8A55B000 \SystemRoot\System32\Drivers\spldr.sys 0x8A563000 \SystemRoot\System32\Drivers\mup.sys 0x8A572000 \SystemRoot\System32\drivers\ecache.sys 0x8A599000 \SystemRoot\system32\drivers\disk.sys 0x8A5AA000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8A5CB000 \SystemRoot\system32\drivers\crcdisk.sys 0x8A5F4000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8A400000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8A313000 \SystemRoot\system32\DRIVERS\ATKACPI.sys 0x8A31B000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8DE0B000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x8E2D5000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8E374000 \SystemRoot\System32\drivers\watchdog.sys 0x8E380000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x8E393000 \SystemRoot\system32\DRIVERS\kbfiltr.sys 0x8E39B000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8E3A6000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8E3B1000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8E3C9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8E3CF000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x8A32A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8E3D9000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8E3E8000 \SystemRoot\system32\DRIVERS\SiSGB6.sys 0x8E404000 \SystemRoot\system32\DRIVERS\athr.sys 0x8E4F4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8E581000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x8E585000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8E5B4000 \SystemRoot\system32\DRIVERS\storport.sys 0x8E5F5000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8A368000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8DE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8A37F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8A3A2000 \SystemRoot\system32\DRIVERS\raspppoe.sys 
0x8A3B1000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8A3C5000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8A3DA000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8E400000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8E604000 \SystemRoot\system32\DRIVERS\ks.sys 0x8E62E000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8E638000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8E645000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8E67A000 \SystemRoot\system32\drivers\libusb0.sys 0x8E688000 \SystemRoot\system32\drivers\usbd.sys 0x8E68A000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x8EA00000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x8E69B000 \SystemRoot\system32\drivers\portcls.sys 0x8E6C8000 \SystemRoot\system32\drivers\drmk.sys 0x8EC08000 \SystemRoot\system32\DRIVERS\AGRSM.sys 0x8ED2E000 \SystemRoot\system32\drivers\modem.sys 0x8ED3B000 \SystemRoot\system32\drivers\MODEMCSA.sys 0x8ED45000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x8ED4E000 \SystemRoot\System32\Drivers\Null.SYS 0x8ED55000 \SystemRoot\System32\Drivers\Beep.SYS 0x8ED5C000 \SystemRoot\System32\drivers\vga.sys 0x8ED68000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8ED89000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8ED91000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8ED99000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8EDA4000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8EDB2000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x8EDBB000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8EDD1000 \SystemRoot\system32\DRIVERS\smb.sys 0x8E6ED000 \SystemRoot\system32\drivers\afd.sys 0x8E735000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8EDE5000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8EBF2000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8EC00000 \SystemRoot\System32\Drivers\StarOpen.SYS 0x8E767000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8E77A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8E780000 \SystemRoot\System32\Drivers\SCDEmu.SYS 0x8E78E000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8E7CA000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8E7D4000 
\SystemRoot\System32\Drivers\dfsc.sys 0x8F008000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8F024000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x8F02D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x8F03D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x8F044000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0x8F046000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x8F04E000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8F05B000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x8F066000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x9140A000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0x915BB000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x915C8000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x915CF000 \SystemRoot\system32\drivers\RTSTOR.SYS 0x95E70000 \SystemRoot\System32\win32k.sys 0x915E1000 \SystemRoot\System32\drivers\Dxapi.sys 0x915EB000 \SystemRoot\system32\DRIVERS\monitor.sys 0x96090000 \SystemRoot\System32\TSDDD.dll 0x960B0000 \SystemRoot\System32\cdd.dll 0x8F06E000 \SystemRoot\system32\drivers\luafv.sys 0x8F089000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x8F09D000 \SystemRoot\system32\drivers\spsys.sys 0x8F14D000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x8F15D000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x91400000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x8F187000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x8F19A000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys 0x9DE01000 \SystemRoot\system32\drivers\HTTP.sys 0x9DE6E000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9DE8B000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9DEA4000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9DEB9000 \SystemRoot\system32\drivers\mrxdav.sys 0x9DEDA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x9DEF9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9DF32000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9DF4A000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9DF72000 \SystemRoot\System32\DRIVERS\srv.sys 0x9DFC0000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 0x9A002000 \SystemRoot\system32\drivers\peauth.sys 0x9A0E0000 
\SystemRoot\System32\Drivers\fastfat.SYS 0x9A108000 \SystemRoot\System32\Drivers\secdrv.SYS 0x9A112000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9A11E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x9A133000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x9A145000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x9A15B000 \SystemRoot\system32\DRIVERS\ipnat.sys 0x76E60000 \Windows\System32\ntdll.dll Processes (total 63): 0 System Idle Process 4 System 516 C:\Windows\System32\smss.exe 664 csrss.exe 728 C:\Windows\System32\wininit.exe 740 csrss.exe 772 C:\Windows\System32\services.exe 788 C:\Windows\System32\lsass.exe 796 C:\Windows\System32\lsm.exe 820 C:\Windows\System32\winlogon.exe 988 C:\Windows\System32\svchost.exe 1068 C:\Windows\System32\svchost.exe 1104 C:\Windows\System32\svchost.exe 1204 C:\Windows\System32\Ati2evxx.exe 1264 C:\Windows\System32\svchost.exe 1292 C:\Windows\System32\svchost.exe 1316 C:\Windows\System32\svchost.exe 1384 C:\Windows\System32\audiodg.exe 1408 C:\Windows\System32\svchost.exe 1424 C:\Windows\System32\SLsvc.exe 1496 C:\Windows\System32\svchost.exe 1644 C:\Windows\System32\Ati2evxx.exe 1740 C:\Windows\System32\svchost.exe 1904 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1912 C:\Windows\System32\wlanext.exe 528 C:\Windows\System32\spoolsv.exe 544 C:\Windows\System32\taskeng.exe 724 C:\Windows\System32\dwm.exe 1156 C:\Windows\explorer.exe 1416 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1604 C:\Windows\System32\svchost.exe 2076 C:\Windows\System32\taskeng.exe 2224 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe 2260 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2272 C:\Windows\RtHDVCpl.exe 2428 C:\Program Files\ASUS\ASUS Live Update\ALU.exe 2444 C:\Windows\System32\agrsmsvc.exe 2468 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2520 C:\Windows\System32\libusbd-nt.exe 2544 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2624 C:\Windows\System32\svchost.exe 2744 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 2760 
C:\Windows\System32\svchost.exe 2876 C:\Windows\System32\svchost.exe 2904 C:\Windows\System32\SearchIndexer.exe 3352 WUDFHost.exe 3840 unsecapp.exe 3956 C:\Windows\System32\alg.exe 4032 WmiPrvSE.exe 3476 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 3952 C:\Windows\System32\mobsync.exe 872 C:\Program Files\Windows Live\Messenger\msnmsgr.exe 792 C:\Program Files\Windows Live\Contacts\wlcomm.exe 1708 C:\Program Files\Skype\Phone\Skype.exe 4140 C:\Program Files\Skype\Plugin Manager\skypePM.exe 2980 C:\Windows\System32\SearchProtocolHost.exe 1968 C:\Program Files\Internet Explorer\iexplore.exe 4288 C:\Program Files\Internet Explorer\iexplore.exe 4904 C:\Program Files\Internet Explorer\iexplore.exe 4580 C:\Windows\System32\SearchFilterHost.exe 5116 <unknown> 4688 C:\Windows\System32\conime.exe 4164 C:\Users\Max\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`b3aef400 (NTFS) PhysicalDrive0 Model Number: ST9320320AS, Rev: 0303 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 16FACB29D75458833E397367B1DA17929157C2B3 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: |